diff --git a/content/operate/rc/security/access-control/saml-sso/saml-integration-auth0.md b/content/operate/rc/security/access-control/saml-sso/saml-integration-auth0.md
index b9c79ea205..163a53a77c 100644
--- a/content/operate/rc/security/access-control/saml-sso/saml-integration-auth0.md
+++ b/content/operate/rc/security/access-control/saml-sso/saml-integration-auth0.md
@@ -27,7 +27,9 @@ Before completing this guide, you must [verify ownership of any domains]({{< rel
SAML assertion requires first and last name, which are not available in the default user profile.
- > **Note**: Depending how they are created, users can have different profiles.
+ {{}}
+Depending how they are created, users can have different profiles.
+ {{}}
{{}}
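Review bot: The added sentence "Depending how they are created, users can have different profiles." is missing a preposition and should read "Depending on how they are created". Since this line is being moved out of the blockquote anyway, fix the wording in the same change.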
@@ -37,7 +39,7 @@ Before completing this guide, you must [verify ownership of any domains]({{< rel
The key-value pair of `redisAccountMapping` consists of a lowercase role name (owner, member, manager, billing_admin, or viewer) and your Redis Cloud Account ID found in the [account settings]({{< relref "/operate/rc/accounts/account-settings" >}}).
- ```
+ ```json
{
"FirstName": "Test",
"LastName": "User",
@@ -45,31 +47,52 @@ Before completing this guide, you must [verify ownership of any domains]({{< rel
}
```
-1. Open **Auth Pipeline > Rules** and select **Create**.
+1. Open **Actions > Triggers** and select **`post-login`**.
{{}}
-1. Pick a rule template then select **Empty rule**.
-
-1. Provide a **name** for the rule and add the following script.
-
- ```
- function mapSamlAttributes(user, context, callback) {
- user.user_metadata = user.user_metadata || {};
- context.samlConfiguration.mappings = {
- "Email": "email",
- "LastName": "user_metadata.LastName",
- "FirstName": "user_metadata.FirstName",
- "redisAccountMapping": "user_metadata.redisAccountMapping"
- };
- callback(null, user, context);
- }
+1. Select **Create Action** to create a new custom action.
+
+ {{}}
+
+1. Provide a **name** for the action and select **Create**.
+
+ {{}}
+
+1. Add the following code to the action:
+
+ ```js
+ exports.onExecutePostLogin = async (event, api) => {
+ const um = event.user.user_metadata || {};
+ const am = event.user.app_metadata || {};
+ api.samlResponse.setAttribute('email', event.user.email);
+ api.samlResponse.setAttribute(
+ 'firstName',
+ um.FirstName || ''
+ );
+ api.samlResponse.setAttribute(
+ 'lastName',
+ um.LastName || ''
+ );
+ const mapping = am.redisAccountMapping || um.redisAccountMapping;
+ if (mapping) {
+ api.samlResponse.setAttribute('redisAccountMapping', mapping);
+ } else {
+ api.access.deny('missing_redis_account_mapping', 'redisAccountMapping not set for user');
+ }
+ };
```
- 1. Select **Save Changes**.
+1. Select **Deploy** to save and deploy the action.
{{}}
+1. Return to the **`post-login`** trigger and drag the action you just created to the trigger.
+
+ {{}}
+
+ Select **Apply** to save your changes.
+
### Create and configure the SAML application
1. Open **Applications > Applications** and select **Create Application**.
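Review bot: The attribute names set in the new action (`email`, `firstName`, `lastName`) differ in case from the ones the removed rule emitted (`Email`, `FirstName`, `LastName`), and nothing in the change says this is intended. SAML attribute names are typically compared case-sensitively, so confirm which casing Redis Cloud expects and keep it, or note the reason for the change. Two smaller points in the same block: `um.FirstName || ''` and `um.LastName || ''` send empty strings when the metadata is absent, although the guide states earlier that the assertion requires first and last name, so consider calling `api.access.deny` there as is already done for a missing `redisAccountMapping`. The `am.redisAccountMapping || um.redisAccountMapping` fallback reads a role-bearing value from either metadata store, and the steps should say which location is authoritative, because the mapping decides the role (owner, member, manager, billing_admin, or viewer) the user receives.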
@@ -97,7 +120,7 @@ Before completing this guide, you must [verify ownership of any domains]({{< rel
* Copy and save the **Issuer** value.
* Copy and save the **Identity Provider Login URL**.
- You will need both of these values, along with the certificate value you copied in the previous step, to configure SAML in admin console.
+ You will need both of these values, along with the certificate value you copied in the previous step, to configure SAML in the Redis Cloud console.
{{}}
@@ -139,25 +162,25 @@ To activate SAML, you need to have a local user (or social sign-on user) with th
## Step 3: Finish SAML configuration in Auth0
-1. Return to the Auth0 SAML application and select **Addons > Settings**:
+1. Return to the Auth0 SAML application and select **Addons > SAML 2 Web App > Settings**:
{{}}
* Paste the **Location** link in **Application Callback URL** field.
- * To update the **Settings** code area, add this code. Modify the `audience` variable with the `EntityID` value from the metadata file you downloaded. Also, modify the `recipient` variable with the `Location` value from the metadata file you downloaded.
+ * Enter the following code in the **Settings** code area. Modify the `audience` variable with the `EntityID` value, and the `recipient` variable with the `Location` value from the metadata file you downloaded.
- ```
+ ```json
{
- "audience": "ENTITYID VALUE FROM FILE",
- "recipient": "LOCATION VALUE FROM FILE",
+ "audience": "",
+ "recipient": "",
"passthroughClaimsWithNoMapping": false,
"nameIdentifierProbes": [
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
]
}
```
- Scroll down and select **Save** to apply the configuration.
+ Scroll down and select **Enable** to apply the configuration.
### IdP initiated SSO
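Review bot: The new `"audience": ""` and `"recipient": ""` lines replace the descriptive placeholders with empty strings, so the JSON no longer shows which metadata value goes in which field. A reader who pastes the block unchanged and selects **Enable** would turn the addon on with a blank audience and recipient. Keep a visible placeholder in each value that names `EntityID` and `Location`, matching the sentence above the block, and check that it survives rendering.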
diff --git a/static/images/rc/saml/auth0_saml_1.png b/static/images/rc/saml/auth0_saml_1.png
index 1c271fff14..59c8cfb9fc 100644
Binary files a/static/images/rc/saml/auth0_saml_1.png and b/static/images/rc/saml/auth0_saml_1.png differ
diff --git a/static/images/rc/saml/auth0_saml_2.png b/static/images/rc/saml/auth0_saml_2.png
index 9ec4804780..a958556dfd 100644
Binary files a/static/images/rc/saml/auth0_saml_2.png and b/static/images/rc/saml/auth0_saml_2.png differ
diff --git a/static/images/rc/saml/auth0_saml_3.png b/static/images/rc/saml/auth0_saml_3.png
index 730d995340..23a4fbd142 100644
Binary files a/static/images/rc/saml/auth0_saml_3.png and b/static/images/rc/saml/auth0_saml_3.png differ
diff --git a/static/images/rc/saml/auth0_saml_4.png b/static/images/rc/saml/auth0_saml_4.png
index 6c605825cd..6f48c527b7 100644
Binary files a/static/images/rc/saml/auth0_saml_4.png and b/static/images/rc/saml/auth0_saml_4.png differ
diff --git a/static/images/rc/saml/auth0_saml_5.png b/static/images/rc/saml/auth0_saml_5.png
index 822ef5e37e..3a27f6325e 100644
Binary files a/static/images/rc/saml/auth0_saml_5.png and b/static/images/rc/saml/auth0_saml_5.png differ
diff --git a/static/images/rc/saml/auth0_saml_6.png b/static/images/rc/saml/auth0_saml_6.png
index f2bb05c71f..9364fb8b7b 100644
Binary files a/static/images/rc/saml/auth0_saml_6.png and b/static/images/rc/saml/auth0_saml_6.png differ
diff --git a/static/images/rc/saml/auth0_saml_7.png b/static/images/rc/saml/auth0_saml_7.png
index a204610ae2..584b00bdb1 100644
Binary files a/static/images/rc/saml/auth0_saml_7.png and b/static/images/rc/saml/auth0_saml_7.png differ
diff --git a/static/images/rc/saml/auth0_saml_8.png b/static/images/rc/saml/auth0_saml_8.png
index dabce36397..ec798f8de5 100644
Binary files a/static/images/rc/saml/auth0_saml_8.png and b/static/images/rc/saml/auth0_saml_8.png differ
diff --git a/static/images/rc/saml/auth0_saml_9.png b/static/images/rc/saml/auth0_saml_9.png
index c888d24552..5fcf19c5d4 100644
Binary files a/static/images/rc/saml/auth0_saml_9.png and b/static/images/rc/saml/auth0_saml_9.png differ
diff --git a/static/images/rc/saml/auth0_saml_action-trigger.png b/static/images/rc/saml/auth0_saml_action-trigger.png
new file mode 100644
index 0000000000..6cc9efd7b3
Binary files /dev/null and b/static/images/rc/saml/auth0_saml_action-trigger.png differ
diff --git a/static/images/rc/saml/auth0_saml_add-action.png b/static/images/rc/saml/auth0_saml_add-action.png
new file mode 100644
index 0000000000..bffe1fd50f
Binary files /dev/null and b/static/images/rc/saml/auth0_saml_add-action.png differ
diff --git a/static/images/rc/saml/auth0_saml_create-action.png b/static/images/rc/saml/auth0_saml_create-action.png
new file mode 100644
index 0000000000..c18d4557d7
Binary files /dev/null and b/static/images/rc/saml/auth0_saml_create-action.png differ